broker Reference

HTTP Endpoints

broker provides various HTTP endpoints (or paths) your client needs to call to handle authorization and GraphQL requests.

/graphql

Method: POST

Handles GraphQL requests.

Configuration File

The configuration file is in TOML syntax; it is very similar to good old INI files and organizes options in sections, denoted by square brackets.

Section generic

log_level

Type: String
Set broker's log level or verbosity; we recommend setting it to info. Possible values from least to most verbose are:
"error", "warn", "info", "debug", "trace"

Section graphql

schema_file

Type: String
Path and filename to your project's GraphQL schema file.

allow_introspection

Type: Boolean
Turns GraphQL introspection on (true) or off (false). Should be off for production, since introspection lets clients query the complete schema!

Section server

host

Type: String
Host name or IP address of the network interface broker should listen on for requests. For production use, this should be set to the IP address of the host; use "0.0.0.0" to listen on all available interfaces and "127.0.0.1" to only accept local connections (for testing etc). If you set this to a hostname, broker will bind to the IP address returned from a DNS lookup.
Example: "127.0.0.1"

port

Type: Integer
Port number; default is 80 for http, 443 for https.
Example: 8080

workers

Type: Integer
Number of HTTP server threads to spawn; default is one per CPU core.
Example: 2

tls_key_file

Type: String
Path and file name of TLS/SSL key file.
Example: "/path/to/key.pem"

tls_cert_file

Type: String
Path and file name of TLS certificate (chain) file.
Example: "/path/to/cert.pem"

max_request_size

Type: Integer
Maximum allowed HTTP request size in bytes; default is 256k.
Example: 262144

Section proxy

This section defines how the broker should connect to dbproxy.

host

Type: String
Host name or IP of basebox DB proxy.
Example: "127.0.0.1"

port

Type: Integer
The TCP/IP port of dbproxy.
Example: 8081

tls

Type: Boolean
Whether to use TLS to connect to dbproxy; set to true or false.
Example: false

Section auth

jwks_file

Type: String
Path and file name to a JSON Web Key Set (JWKS) file. This file contains the public keys that broker uses to verify access token signatures. This is an alternative to specifying the discovery_url and jwks_url fields below and can be used for environments that have no access to the internet.
Example: "/path/to/jwks.json"

discovery_url

Type: String
URL of IdP's discovery endpoint; only needed if jwks_url is not set. If neither field is set, the discovery URL is built by appending ".well-known/openid-configuration" to the iss field.

jwks_url

Type: String
URL of IdP's public keyset; optional if discovery_url is set or can be derived from the iss field.

iss

Type: String
Issuer field, usually the URL of the IdP realm, e.g. https://idp.example.com/realms/testing

aud

Type: String
Access token audience field.

Section auth_management

provider

Type: String
Name of the authentication provider to use for authentication management. Currently, only auth0 is supported.

domain

Type: String
Domain of your Auth0 realm; example: "your-tenant.auth0.com"

client_id

Type: String
Client ID of the machine-to-machine client that is allowed to get access tokens for the Management API.
https://auth0.com/docs/secure/tokens/access-tokens/get-management-api-access-tokens-for-production

client_secret

Type: String
Client secret of the machine-to-machine client that is allowed to get access tokens for the Management API.
https://auth0.com/docs/secure/tokens/access-tokens/get-management-api-access-tokens-for-production